This section provides background information related to the present disclosure which is not necessarily prior art.
In the third-generation wireless telecommunications standard, the GAA is a generic architecture that is used by multiple application service entities to authenticate the user identity. The GAA can be used to check and authenticate the identity of a user of an application service. The foregoing multiple application services include multicast/broadcast services, user license services, instant messaging services, and agent services.
FIG. 1 shows the GAA in the prior art. As shown in FIG. 1, the GAA consists of a user, a BSF entity that performs initial authentication of the user identity, a home subscriber server (HSS), and a network application function (NAF) entity. Hereinafter the BSF entity is referred to as “BSF” and the NAF entity is referred to as “NAF”. The BSF and the user authenticate each other mutually. During the mutual authentication, the identity is verified mutually, and a shared key is generated for the BSF and the user. The mutual authentication process is also known as a bootstrapping process or a GBA process. The user capable of implementing the GBA process with the BSF is known as a GBA-enabled user. The HSS stores a profile that describes the user information (user profile), and also provides the function of generating authentication information. The NAF can represent different network application function entities. To implement a service, the user must access the NAF corresponding to the service, and communicate with the NAF. The interfaces between the entities are shown in FIG. 1. The BSF is connected to the NAF through a Zn interface; the user is connected to the BSF or the NAF through a user equipment (UE); the UE is connected to the BSF through a Ub interface, and connected to the NAF through a Ua interface.
To use a service, namely, to access the NAF corresponding to the service, the user performs the bootstrapping process at the BSF through the UE if the user knows that the service needs mutual authentication at the BSF. Otherwise, the user first originates a connection request to the NAF corresponding to the service. If the NAF adopts a GAA (namely, supports the GAA function) and finds that the user that originates the connection request has not performed mutual authentication at the BSF, the NAF notifies the user to perform the bootstrapping process at the BSF.
Subsequently, the user performs mutual authentication with the BSF by implementing a bootstrapping process between the UE and the BSF. The UE sends an authentication request to the BSF. This authentication request carries the user's private identity (for example, IP multimedia private identity, referred to as “IMPI” herein) or carries an IMPI derived from an international mobile subscriber identifier (IMSI). After receiving the authentication request from the user, the BSF acquires the authentication information of the user from the HSS. The authentication request message sent by the BSF to the HSS also carries an IMPI. According to the IMPI of the user, the HSS searches out the authentication information, generates authentication vectors and returns the vectors to the BSF. The BSF performs mutual authentication and key negotiation with the UE according to the acquired authentication information. Upon completion of the bootstrapping process, the UE and the BSF authenticate each other and generate a shared key “Ks”. The BSF defines a validity period “Key-lifetime” for the shared key “Ks”, and allocates a temporary identity, for example, a B-TID, to the user; the BSF and the UE store the shared key “Ks”, the B-TID, and the validity period correlatively. When the user wants to communicate with the NAF, the UE sends a connection request carrying the B-TID to the NAF again. The UE calculates out the derivative key “NAF specific key” through a preset derivative algorithm according to the shared key “Ks”.
After receiving the connection request, the NAF sends a query request message to the BSF to search for the B-TID if it fails to find the B-TID locally, where the message carries the identity of the NAF and this B-TID. If the BSF fails to find the B-TID locally, the BSF notifies the NAF that no information about the user is available. In this case, the NAF notifies the user to perform mutual authentication at the BSF. If the BSF finds the B-TID, the BSF calculates the derivative key of the shared key “Ks” through the same derivative algorithm as applied at the user side, and then sends a success response message to the NAF. The success response message carries the B-TID, the derivative key corresponding to the B-TID, and the validity period of the shared key “Ks”. After receiving the success response message from the BSF, the NAF regards the user as a legal user that has passed the BSF authentication. The NAF shares the derivative key calculated from the shared key “Ks”. This derivative key is the same as the derivative key calculated out by the user according to the shared key “Ks”. In the subsequent access to the NAF, the user uses the derivative key to protect the communications with the NAF.
When the user discovers that the shared key “Ks” will soon expire, or the NAF requires the user to perform mutual authentication at the BSF again, the user repeats the foregoing mutual authentication steps at the BSF to obtain a new shared key “Ks” and a new “B-TID”.
In current practice, the IMPI carried in the authentication request is sent in the form of plain text, which makes the user's IMPI vulnerable to wiretap. For every re-authentication request received, the BSF acquires a group of authentication vectors from the HSS. After a malicious attacker acquires the IMPIs of multiple users through wiretap, if the attacker uses such IMPIs to send re-authentication requests to the BSF, the BSF needs to acquire authentication vectors from the HSS continuously after receiving the IMPIs of multiple users. As long as the attacker uses the IMPI to send re-authentication requests continuously, the BSF will acquire authentication vectors from the HSS continuously so that the BSF will be attacked maliciously.
A solution to the foregoing problem in the prior art is: If the UE has a valid temporary identity (such as TMPI, B-TID), the temporary identity will be used to replace the IMPI in the request, so as to reduce the frequency of using the IMPI at the Ub interface and avoid IMPI interception. Because temporary identities are frequently used at the Ua interface, however, attackers may intercept temporary identities from the Ua interface, and use the temporary identities to attack the BSF through the Ub interface. Therefore, the prior art does not protect the BSF from malicious attack effectively.